Privacy & Data Protection
GDPR, CCPA, state privacy laws, data breach litigation, and data governance
Rituals Discloses Data Breach Impacting Millions of Customers
Cosmetics company Rituals has confirmed a data breach involving its membership database of 41 million customers, raising legal and compliance concerns for global privacy laws.
DHS Seeks $7.5M for Biometric Smart Glasses for ICE Agents
DHS has requested $7.5M to develop smart glasses with biometric ID for ICE agents, raising privacy and legal issues for counsel and legal tech specialists.
EU’s Top Court Strikes Down Hungary’s Anti-LGBTQ Law
The European Court of Justice ruled Hungary’s ban on LGBTQ+ content for minors violates EU law, marking an unprecedented judgment for fundamental rights across the EU bloc.
Met Police pilots privacy-conscious tech to tackle London shoplifting
The Met Police is testing a retail security platform that avoids live facial recognition, aiming to boost shoplifting prosecutions in London while addressing privacy concerns.
EU Tendered 'Sovereign' Cloud Contracts May Still Face US Legal Reach
EU contracts for 'sovereign' cloud services include providers linked to US firms, exposing sensitive European data to possible US legal demands despite compliance assurances.
Singapore Scholar Advocates Data Trusts for Healthcare Privacy Reform
A new study by Yuxin Zhao at NUS proposes data charitable trusts to balance patient privacy and data sharing in healthcare, offering new tools for legal and compliance teams.
Alabama Joins Privacy Law Surge as States Tighten Data Rules
Alabama enacts a broad consumer data privacy law; Kentucky, Virginia, and Nebraska update statutes, escalating compliance challenges for legal, in-house, and ops teams.
Federal Court Blocks DOJ Bid for Rhode Island Voter Data
A federal judge has dismissed the DOJ's lawsuit seeking detailed, unredacted Rhode Island voter data, reinforcing privacy protections and impacting future regulatory disputes.
CIPA Lawsuits Surge Over Web Tracking Pixels in California
Over 1,500 lawsuits cite California's Invasion of Privacy Act against websites using tracking pixels. Legal teams face liability risks amid ambiguous state law and steep statutory damages.
Atlassian’s AI to Use Base Tier User Metadata by Default, Limits Opt-Out
Atlassian will default to using metadata from Free and Standard plan users for AI training from August 2026. Only Enterprise customers retain a full opt-out. Legal, privacy, and compliance impact a...
TD Bank fraud case sparks legal scrutiny over $4,650 loss
TD Bank twice denied refund after scammers stole $4,650 from a Winnipeg woman—raising pressing compliance questions for legal and risk teams in the financial industry.
Congress Passes 10-Day Extension for Section 702 Surveillance Debate
Congress extends Section 702 surveillance powers for 10 days, delaying its expiration and giving lawmakers time to negotiate key privacy and security reforms.
Congress Splits Over Section 702 Surveillance Reform as 2026 Expiration Looms
US lawmakers debate reforms to Section 702 surveillance law, highlighting sharp divides and privacy concerns as the program faces 2026 expiration. Legal, compliance teams on alert.
Alabama Enacts Business-Friendly Consumer Data Privacy Law
Alabama becomes the 21st state with a consumer data privacy law, focusing on business-friendly provisions and new compliance obligations for companies handling personal data.
Federal Judge Backs $56M Flo Health Privacy Settlement
A federal court has tentatively approved a $56 million settlement over privacy claims against Flo Health and Google for sharing sensitive menstrual app data without consent.
Mozilla unveils Thunderbolt: Open-source AI with a privacy focus
Mozilla launches Thunderbolt, an open-source AI platform for enterprises, aiming to deliver data privacy not offered by proprietary rivals like OpenAI and Microsoft.
Federal Judge Lets CNN Privacy Lawsuit Over Adtech Tracking Move Forward
A federal judge has denied CNN's attempt to dismiss a privacy class action alleging undisclosed user data sharing with Microsoft and adtech partners, keeping the CIPA suit alive.
Google Chrome Under Scrutiny for Fingerprinting Privacy Gap
Privacy experts warn Google Chrome's lack of fingerprinting protection could expose organizations to tracking risks and compliance challenges under GDPR, CCPA.
Virginia Bans Sale of Precise Geolocation Data Under VCDPA
Virginia amends its Consumer Data Protection Act to ban selling precise geolocation data, intensifying compliance obligations for data controllers and privacy professionals.
Microsoft Recall Faces Renewed Scrutiny Over AI Privacy Risks
Microsoft's Recall AI feature, reintroduced with new security, faces fresh criticism as researchers expose ongoing privacy and cybersecurity vulnerabilities.